Data Privacy Is a Right, Not a Luxury

I rarely think about the cost of convenience. I often use my phone’s navigational system, seeking turn-by-turn directions, but I usually don’t consider the trail of data I’m leaving behind – and even if I do, I decide the benefit outweighs the cost. We live in an age where leaving myriad digital footprints is almost inescapable. Increasingly, we hear of big data analytic companies that “liberate data” or “democratize data” for the purpose of improving products and services or making them more widely available. There are true benefits to advancing our society’s data capabilities and unearthing new patterns and insights. (The phone that tracks my travel can give me advice on promising restaurants nearby.) But the costs can be high. Here in the U.S., the anonymity of “meta” data sets is continually being challenged. Fortunately, in this country consumer advocacy groups and institutions such as theElectronic Privacy Information Center (EPIC), Bureau of Consumer Protection at FTC, and Consumer Financial Protection Bureau (CFPB) are working to address and remedy breaches of privacy and data rights.

In most of the world, similar institutions are nonexistent or under-developed. The fast uptake of technology has opened up large population segments to new possibilities, while leaving them vulnerable. Digital financial services users in developing countries are often choice-less and voiceless on how their data is used.

A recent publication by CGAP, Doing Digital Finance Right, assesses the risk perceptions of consumers using digital financial services. Among the seven key insights identified by authors Kate McKee, Michelle Kaffenberger, and Jamie Zimmerman, was inadequate data privacy and protection. The lack of awareness around what constitutedlegal use of consumers’ personal data was emphasized by an anecdote: Tanzanian mobile money users were concerned that providers were listening into their phone calls or reading their texts (this breach in privacy was not in fact happening).

The United Nations, concerned about the “negative impact that surveillance and interception of communications may have on human rights”, adopted a resolution a few years ago which reaffirmed the right to privacy, condemning unlawful interference with individuals’ privacy, family, home, or correspondence. In June 2014, the African Union held a Convention on Personal Data and Cyber Security in which a legal framework to “strengthen fundamental rights and public freedom” was created. Both of these efforts were promising, but certainly more action is needed.

While a robust legal framework in this area is critical, the Smart Campaign’s self-regulatory framework model complements a legal approach. Smart strives to embed client protection throughout the microfinance industry, more recently evolving to include digital financial services. The Campaign published the “Potential Risks to Clients When Using Digital Financial Services”, an analysis of the salient client risks in digital finance. The complexity of digital financial services, including the multitude of players in the field, make it difficult to identify who is responsible for client protection in this realm – however, the Campaign believes the Client Protection Principles and their application by providers are necessary.

The research on risks customers face when using digital financial services is being integrated into the Smart Campaign’s client protection standards – which also include feedback received from the public, industry stakeholders, and Smart Campaign endorsers. Stay tuned as the draft Certification 2.0 Standards for financial institutions, integrating digital financial services, will be available for public comment soon. The Campaign’s goal is to continue setting the bar in making data privacy, and the multitude of other client protection principles, a reality for every financial services user, digital and otherwise.